From 580da34847488b404218d1d7f53b156f245f5555 Mon Sep 17 00:00:00 2001
From: Alan Stern <stern@rowland.harvard.edu>
Date: Tue, 5 Aug 2008 13:05:17 -0400
Subject: [PATCH] Fix USB storage hang on command abort

Okay, I found the cause of the hang.  It is a simple bug in the USB
scatter-gather library, caused by changes added in response to the S-G
chaining modification.

This patch (as1125) fixes a bug in the USB scatter-gather library.
Early exit from the S-G initialization loop does not reset the count of
outstanding URBs.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Cc: Matthew Dharm <mdharm-usb@one-eyed-alien.net>
Cc: David Brownell <david-b@pacbell.net>
Cc: Alan Jenkins <alan-jenkins@tuffmail.co.uk>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
 drivers/usb/core/message.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
index 2fcc06eb5e60a..586d6f1376cf7 100644
--- a/drivers/usb/core/message.c
+++ b/drivers/usb/core/message.c
@@ -389,7 +389,6 @@ int usb_sg_init(struct usb_sg_request *io, struct usb_device *dev,
 	if (io->entries <= 0)
 		return io->entries;
 
-	io->count = io->entries;
 	io->urbs = kmalloc(io->entries * sizeof *io->urbs, mem_flags);
 	if (!io->urbs)
 		goto nomem;
@@ -458,6 +457,7 @@ int usb_sg_init(struct usb_sg_request *io, struct usb_device *dev,
 	io->urbs[--i]->transfer_flags &= ~URB_NO_INTERRUPT;
 
 	/* transaction state */
+	io->count = io->entries;
 	io->status = 0;
 	io->bytes = 0;
 	init_completion(&io->complete);
-- 
GitLab